I've seen a number of sandbox violations triggered by the UIProcess not extending access to the cache path used for HTTP/3 negotiations. This seems to happen when the OS overrides the user Safari user setting, or toggles it externally without restarting the process. Rather than trigger failures, lets just extend the path for all users (even if HTTP/3 is off), since it will eventually be on for everyone, and it doesn't expand the sandbox anywhere interesting.
<rdar://problem/76287224>
Created attachment 427306 [details] Patch
At the same time we should probably make defaultAlternativeServicesDirectory return the same directory as something else, like defaultNetworkCacheDirectory. Otherwise, we will have a startup performance regression from additional directory operations.
Created attachment 427386 [details] Patch
Comment on attachment 427386 [details] Patch I think we should just return defaultNetworkCacheDirectory() instead of this.
I don't think we should have anything under NetworkCache directory that is not under control of the NetworkCache code. NetworkCache has habit of wiping out stuff that it doesn't recognize so it is pretty risky.
Committed r276838 (237189@main): <https://commits.webkit.org/237189@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 427306 [details].
Wow -- how did this get landed?
I r+ cq+ your original patch.
(In reply to Alex Christensen from comment #9) > I r+ cq+ your original patch. Oh! Good. I was terrified I had somehow clobbered your and Antti's review stuff. Thanks.
(In reply to EWS from comment #7) > Committed r276838 (237189@main): <https://commits.webkit.org/237189@main> This broke api test on iOS: TestWebKitAPI.WebKit.AlternativeServicesDefaultDirectoryCreation History: https://results.webkit.org/?suite=api-tests&test=TestWebKitAPI.WebKit.AlternativeServicesDefaultDirectoryCreation
(In reply to Aakash Jain from comment #11) > (In reply to EWS from comment #7) > > Committed r276838 (237189@main): <https://commits.webkit.org/237189@main> > This broke api test on iOS: > TestWebKitAPI.WebKit.AlternativeServicesDefaultDirectoryCreation > > History: > https://results.webkit.org/?suite=api-tests&test=TestWebKitAPI.WebKit. > AlternativeServicesDefaultDirectoryCreation I just filed https://bugs.webkit.org/show_bug.cgi?id=225239 about this
Reverted r276838 for reason: Caused TestWebKitAPI.WebKit.AlternativeServicesDefaultDirectoryCreation to fail Committed r276850 (237201@main): <https://commits.webkit.org/237201@main>
Created attachment 427446 [details] Patch
Committed r276862 (237210@main): <https://commits.webkit.org/237210@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 427446 [details].